Security audit

open-show

Security checks across malware telemetry and agentic risk

Overview

This is a coherent slideshow converter, but it needs review because its web-fetching code silently falls back to fetching over HTTPS with certificate verification disabled.

Install only if you are comfortable with a local Python tool that reads selected documents, fetches web pages and remote images, embeds content into generated HTML, and stores the result on disk. Avoid sensitive internal URLs or private documents, and prefer waiting for a version that removes the insecure verify=False HTTPS fallback.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding
The skill documentation directs the agent to perform shell commands, read local files, write output files, and fetch arbitrary URLs, yet no declared permissions or trust boundaries are specified. This creates a real security gap because a user may trigger network access or local file processing without explicit capability declaration, making review, sandboxing, and consent harder.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
On any exception during URL fetch, the code retries with TLS certificate verification disabled and suppresses the associated warning. That permits man-in-the-middle interception of remote content, which is especially risky because fetched HTML and images are then embedded into generated output and may influence what the user later opens locally.

Vague Triggers

Severity: Medium
Confidence: 79%
Finding
The trigger phrases include broad everyday expressions such as '幻灯片', '生成演示稿', and '做 deck', which can cause the skill to activate in conversations that are only discussing slides rather than requesting file conversion. Because this skill can invoke shell, network fetches, and local file handling, accidental activation materially increases the chance of unintended sensitive actions.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding
The activation rules are written as absolute 'activate when any keyword appears' logic, without exclusions or disambiguation criteria. In this context that is risky because the skill supports arbitrary local paths and URLs and prescribes immediate command execution, so loose matching can turn normal conversation into unintended file/network operations.

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.